Gerenciamento baseado em modelos da configuração de sistemas de segurança em ambientes de redes complexos / Model-based configuration management of security systems in complex network environments

Pereira, João Porto de Albuquerque

24 May 2006

Orientador: Paulo Licio de Geus / Tese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-07T08:33:59Z (GMT). No. of bitstreams: 1 Pereira_JoaoPortodeAlbuquerque_D.pdf: 3410336 bytes, checksum: b604fcebba7d50ce5939b35de40ce518 (MD5) Previous issue date: 2006 / Resumo: Os mecanismos de segurança empregados em ambientes de redes atuais têm complexidade crescente e o gerenciamento de suas configurações adquire um papel fundamental para proteção desses ambientes. Particularmente em redes de computadores de larga escala, os administradores de segurança se vêem confrontados com o desafio de projetar, implementar, manter e monitorar um elevado número de mecanismos, os quais possuem sintaxes de configuração heterogêneas e complicadas. Uma conseqüência dessa situação é que erros de configuração são causas freqüentes de vulnerabilidades de segurança. O presente trabalho oferece uma sistemática para o gerenciamento da configuração de sistemas de segurança de redes que corresponde especialmente às necessidades dos ambientes complexos encontrados em organizações atuais. A abordagem, construída segundo o paradigma de Gerenciamento Baseado em Modelos, inclui uma técnica de modelagem que trata uniformemente diferentes tipos de mecanismos e permite que o projeto de suas configurações seja executado de forma modular, mediante um modelo orientado a objetos. Esse modelo é segmentado em Subsistemas Abstratos, os quais encerram um grupo de mecanismos de segurança e outras entidades relevantes do sistema ¿ incluindo seus diferentes tipos de mecanismo e as inter-relações recíprocas entre eles. Uma ferramenta de software apóia a abordagem, oferecendo um diagrama para edição de modelos que inclui técnicas de visualização de foco e contexto. Essas técnicas são particularmente adaptadas para cenários de larga escala, possibilitando ao usuário a especificação de certa parte do sistema sem perder de vista o contexto maior no qual essa parte se encaixa. Após a conclusão da modelagem, a ferramenta deriva automaticamente parâmetros de configuração para cada mecanismo de segurança do sistema, em um processo denominado refinamento de políticas. Os principais resultados deste trabalho podem ser sumarizados nos seguintes pontos: (i) uma técnica de modelagem uniforme e escalável para o gerenciamento de sistemas de segurança em ambientes complexos e de larga escala; (ii) um processo para o projeto de configurações apoiado por uma ferramenta que inclui técnicas de foco e contexto para melhor visualização e manipulação de grandes modelos; (iii) uma abordagem formal para a validação do processo de refinamento de políticas / Abstract: The security mechanisms employed in current networked environments are increasingly complex, and their configuration management has an important role for the protection of these environments. Especially in large scale networks, security administrators are faced with the challenge of designing, deploying, maintaining and monitoring a huge number of mechanisms, most of which have complicated and heterogeneous configuration syntaxes. Consequently, configuration errors are nowadays a frequent cause of security vulnerabilities. This work offers an approach to the configuration management of network security systems specially suited to the needs of the complex environments of today¿s organizations. The approach relies upon the Model-Based Management (MBM) paradigm and includes a modelling framework that allows the design of security systems to be performed in a modular fashion, by means of an object-oriented model. This model is segmented into logical units (so-called Abstract Subsystems) that enclose a group of security mechanisms and other relevant system entities, offering a more abstract representation of them. In this manner, the administrator is able to design a security system¿including its different mechanism types and their mutual relations¿by means of an abstract and uniform modelling technique. A software tool supports the approach, offering a diagram editor for models, which includes focus and context visualization techniques. These techniques are particularly suitable to large scale scenarios, enabling a designer to precisely specify a given part of the system without losing the picture of the context to which this part belongs. After the model is complete, the tool automatically derives configuration parameters for each security mechanism in the system, in a process called policy refinement. The major results of this work can be summarised as follows: (i) definition of a uniform and scalable object-oriented modelling framework for the configuration management of large, complex network security systems; (ii) development of a configuration design process assistes by a tool that implements focus and context techniques to improve visualization and manipulation of large models; (iii) a formal validation approach of the policy refinement process / Doutorado / Doutor em Ciência da Computação

Redes de computadores - Gerência

Modelagem de dados

Internet

Computer networks, security measures

Computer networks, management

Data modeling

Internet (Computer networks)

Integrated Network Management Using Extended Blackboard Architecture

Prem Kumar, G

07 1900

No description available.

Computer Networks - Management

Computer Network Architectures

Integrated Network Management (INM)

Extended Blackboard Architecture

Network Fault Management

Security Management

Network Management (NM)

Computer Science

Proposta e validação de nova arquitetura de redes de data center / Proposal and Validation of New Architecture for Data Center Networks

Macapuna, Carlos Alberto Bráz

18 August 2018

Orientadores: Mauricio Ferreira Magalhães; Christian Esteve Rothenberg / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-18T11:07:49Z (GMT). No. of bitstreams: 1 Macapuna_CarlosAlbertoBraz_M.pdf: 1236245 bytes, checksum: a91bba6ee11302ae78b90231dd6c0241 (MD5) Previous issue date: 2011 / Resumo: Assim como as grades computacionais, os centros de dados em nuvem são estruturas de processamento de informações com requisitos de rede bastante exigentes. Esta dissertação contribui para os esforços em redesenhar a arquitetura de centro de dados de próxima geração, propondo um serviço eficaz de encaminhamento de pacotes, que explora a disponibilidade de switches programáveis com base na API OpenFlow. Desta forma, a dissertação descreve e avalia experimentalmente uma nova arquitetura de redes de centro de dados que implementa dois serviços distribuídos e resilientes a falhas que fornecem as informações de diretório e topologia necessárias para codificar aleatoriamente rotas na origem usando filtros de Bloom no cabeçalho dos pacotes. Ao implantar um exército de gerenciadores de Rack atuando como controladores OpenFlow, a arquitetura proposta denominada Switching with in-packet Bloom filters (SiBF) promete escalabilidade, desempenho e tolerância a falhas. O trabalho ainda defende a ideia que o encaminhamento de pacotes pode tornar-se um serviço interno na nuvem e que a sua implementação pode aproveitar as melhores práticas das aplicações em nuvem como, por exemplo, os sistemas de armazenamento distribuído do tipo par <chave,valor>. Além disso, contrapõe-se ao argumento de que o modelo de controle centralizado de redes (OpenFlow) está vinculado a um único ponto de falhas. Isto é obtido através da proposta de uma arquitetura de controle fisicamente distribuída, mas baseada em uma visão centralizada da rede resultando, desta forma, em uma abordagem de controle de rede intermediária, entre totalmente distribuída e centralizada / Abstract: Cloud data centers, like computational Grids, are information processing fabrics with very demanding networking requirements. This work contributes to the efforts in re-architecting next generation data centers by proposing an effective packet forwarding service that exploits the availability of programmable switches based on the OpenFlow API. Thus, the dissertation describes and experimentally evaluates a new architecture for data center networks that implements two distributed and fault-tolerant services that provide the directory and topology information required to encode randomized source routes with in-packet Bloom filters. By deploying an army of Rack Managers acting as OpenFlow controllers, the proposed architecture called Switching with in-packet Bloom filters (SiBF) promises scalability, performance and fault-tolerance. The work also shows that packet forwarding itself may become a cloud internal service implemented by leveraging cloud application best practices such as distributed key-value storage systems. Moreover, the work contributes to demystify the argument that the centralized controller model of OpenFlow networks is prone to a single point of failure and shows that direct network controllers can be physically distributed, yielding thereby an intermediate approach to networking between fully distributed and centralized / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica

Arquitetura de redes de computador

Centros de processamento de dados

Redes de computadores - Gerência

Redes de computadores - Protocolos

Redes de computadores

Computer networks

Architecture of computer networks

Data processing center

Computer networks (Management)

Computer networks - Protocols

Vulnerabilities in SNMPv3

Lawrence, Nigel Rhea

10 July 2012

Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity for these services. In this paper, we demonstrate two attacks against the most current and secure version of the protocol with authentication and encryption enabled. In particular, we demonstrate that under reasonable conditions, we can read encrypted requests and forge messages between the network monitor and the hosts it observes. Such attacks are made possible by an insecure discovery mechanism, which allows an adversary capable of compromising a single network host to set the keys used by the security functions. Our attacks show that SNMPv3 places too much trust on the underlying network, and that this misplaced trust introduces vulnerabilities that can be exploited.

Vulnerability

Man-in-the-middle

MITM

Exploit

Weakness

Authoritative

Non-authoritative

USM

TSM

Rfc1443

1443

Auth

Authentication

NMS

Manager

Management

Embedded

Computer networks Monitoring

Computer networks Management

Connection management applications for high-speed audio networking

Sibanda, Phathisile

12 March 2008

Traditionally, connection management applications (referred to as patchbays) for high-speed audio networking, are predominantly developed using third-generation languages such as C, C# and C++. Due to the rapid increase in distributed audio/video network usage in the world today, connection management applications that control signal routing over these networks have also evolved in complexity to accommodate more functionality. As the result, high-speed audio networking application developers require a tool that will enable them to develop complex connection management applications easily and within the shortest possible time. In addition, this tool should provide them with the reliability and flexibility required to develop applications controlling signal routing in networks carrying real-time data. High-speed audio networks are used for various purposes that include audio/video production and broadcasting. This investigation evaluates the possibility of using Adobe Flash Professional 8, using ActionScript 2.0, for developing connection management applications. Three patchbays, namely the Broadcast patchbay, the Project studio patchbay, and the Hospitality/Convention Centre patchbay were developed and tested for connection management in three sound installation networks, namely the Broadcast network, the Project studio network, and the Hospitality/Convention Centre network. Findings indicate that complex connection management applications can effectively be implemented using the Adobe Flash IDE and ActionScript 2.0.

Flash (Computer file)

Computer networks

Computer networks -- Management

Digital communications

Computer sound processing

Broadcast data systems

C# (Computer program language)

C++ (Computer program language)

ActionScript (Computer program language)

The role of cloud computing in addressing small, medium enterprise challenges in South Africa

Kumalo, Nkosi Hugh

08 1900

This thesis was motivated by Roberts (2010) who found that 63% of SMEs in South Africa do not make it past second year of operation. To expand further on this problem, we reviewed literature to understand key business challenges experienced by SMEs in South Africa which contribute to this high failure rate. The challenges include red tape, labour legislation, lack of skills, lack of innovation, impact of crime, and lack of funds. The research project aimed to answer a key question: “How can information technology, in the form of Cloud Computing be used to address the challenges faced by small and medium businesses in South Africa?” To answer this question, data was collected from 265 SME companies and quantitatively analysed. It is important to note that the profile of SMEs targeted in this study are those that employed fewer than 200 employees, with a turnover of not less than 26 million rand per annum, and registered with South African Revenue Services (SARS) and also with the Companies and Intellectual Property Commission (CIPC) of South Africa. Over 60% of the firms that responded to the survey were in business for more than 10 years which means we are mainly dealing with data from businesses that have past the survivalist stage and are matured businesses. These are businesses that can share their experiences and challenges they faced throughout their journey. The profile of SMEs in this study should not be confused with that of Very Small Medium Enterprise Businesses. The questionnaire was designed to address four themes being the Demographic profile, SME Business Environment, Threat of Survival, and lastly Technology Adoption. Key finding in this research is that 60% of the panellists stated that red tape is the overriding challenge that small businesses contend with. 67% of the panellists confirmed that they have not invested in their businesses in the past year; and 53% stated that they have not applied for finance from the bank for fear of being rejected. Only 30% of the SME market were found to use enterprise resource planning (ERP) and 62% do not have their own IT department. Of great concern is that 65% of the panellists have experienced server down time at least once in the past year. Inability to predict the rising IT costs in a firm has been cited as the main concern when running IT on premise. The cost predictability finding was also discovered to be a benefit enjoyed by the SMEs who use Cloud Computing. The conclusion is that there is a relationship between Cloud Computing, Small and Medium Enterprise businesses and the challenges they face in their business environment. To address the identified business challenges, technology adoption studies by Gumbi & Mnkandla (2015), Carcary, Doherty & Conway (2014), Lacovou et al (1995), Mohlomeane & Ruxwana (2014), Kshetri (2010), BMI Research (2018), Conway & Curry (2012), Li, Zhao & Yu (2015), Wernefeldt (1985), Schindehuitte & Morris (2001), Tornatzy & Flesher (1991) were reviewed. From these publications, the Technology, Organisational and Environmental (TOE) was found to be relevant and of interest for use in answering the main research question. This study developed the Cloud Adoption Framework which is the anchor of all SME challenges. Key study contribution is that the TOE model, which is predominantly used to understand the determinants of technology adoption like various industry applications, infrastructure innovations etc., are now used to address specific challenges that have contributed in the high failure rate of SME business. This is the first-time TOE model has been used to align with key SME challenges that contribute to firms’ failure. Specific technology across Software, Infrastructure and Platform services models are recommended for use by SMEs to ensure challenges are mitigated and improve the chances of survival for SMEs operating in South Africa. By following the recommended Cloud Adoption Framework, SMEs should be able to navigate the complexities brought about by the tough operating environment and also the technologies available to address those challenges. All six challenges have solutions in Cloud Computing and SMEs are educated on these solutions and also how to access these on a pay as you use model of consumption. / Business Management / D.B.L.

SME

Small and mdeium enterprise

Cloud adoption

Cloud computing

Cloud

Enterprise business challenges

South Africa

Information technology

IT

004.6782068

Cloud computing -- South Africa

Management information systems

E-trust: a building block for developing valuable online platforms in Higher Education

Van Wyk, Byron Jay

January 2013

Thesis submitted in fulfilment of the requirements for the degree Master of Technology Design in the Faculty of Informatics and Design at the Cape Peninsula University of Technology Supervisor: Prof J Messeter Cape Town, 2013 / The aim of this research project was to provide an answer to the question: “How can an understanding of online trust be used to build valuable online applications in Higher Education?” In order to present an answer to this question, a literature survey was conducted to establish: • An understanding of the phenomenon of online trust • What the factors are that influence a loss of trust in the online environment The literature survey highlighted several factors that influence a loss of trust in the online environment, called trust cues. These factors, however, were often tested within the E-commerce environment, and not in organization-specific contexts, such as online platforms in use in Higher Education. In order to determine whether or not these factors would influence the development of trust in context-specific environments, the author of this research grouped the indentified trust factors into three focus areas, i.e. content, ease of use, and navigation. These factors were then incorporated into a series of nine different prototypes. These prototypes were different versions of a particular online platform currently in use at the Cape Peninsula University of Technology (CPUT). The prototypes were tested over a three week period, with certain staff members at the institution in question recruited as test participants. During each week of user observations, a different focus area was targeted, in order to establish the impact that it would have on the perceived trustworthiness of the platform in question. User observations were conducted while test participants completed a standard process using the various prototypes. Semi-structured interviews were also conducted while participants completed the specific process. Participants were asked to evaluate each screen in the process according to its perceived trust worthiness, by assigning a trust level score. At the completion of the three rounds of user observations, in-depth interviews were conducted with test participants. The participants’ trust level scores for each prototype were captured and graphed. A detailed description for the score given for a particular screen was presented on each graph. These scores were combined to provide an analysis of the focus area tested during the specific round. After the three rounds of user observations were completed, an analysis of all the trust factors tested were done. Data captured during interviews were transcribed, combined with feedback received from questionnaires, and analysed. An interpretation of the results showed that not all trust factors had a similar influence in the development of trust in the online platform under investigation. Trust cues such as content organization, clear instructions and useful content were by far the most significant trust factors, while others such as good visual design elements, professional images of products, and freedom from grammatical and typographical errors had little or no impact in the overall trustworthiness of the platform under investigation. From the analysis done it was clear that the development of trust in organization-specific contexts is significantly different than developing trust in an E-commerce environment and that factors that influence the development of trust in one context might not always be significant in another. In conclusion, it is recommended that when software applications are developed in organization-specific contexts, such as Higher Education, that trust factors such as good content organization, clear instructions and useful content be considered as the most salient. Organization-specific contexts differ quite significantly in that the users of these systems often convey a certain degree of trust toward the online platforms that they work with on a daily basis. Trust factors that are geared toward developing an initial or basic trust in a particular platform, which is often the case with first time users engaging in an E-commerce platform, would therefore not be as significant in the development of a more developed level of trust, which is what is needed within the development of organization-specific online platforms.

Internet in education.

Online trust

Dissertations, Academic.

MTech

Theses, dissertations, etc.